ALT-PU-2024-11771-2
Package firmware-intel-ucode updated to version 27-alt1.20240813 for branch c10f2 in task 356253.
Closed vulnerabilities
BDU:2024-02258
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с утечкой информации из векторных регистров, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2024-02524
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с раскрытием информации через несоответствие, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2024-02527
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с нарушением механизма защиты данных, позволяющая нарушителю повысить свои привилегии
BDU:2024-02607
Уязвимость микропрограммного обеспечения процессоров Intel Xeon D, связанная с неверным вычислением, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0006/
- https://security.netapp.com/advisory/ntap-20240405-0006/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
Modified: 2024-11-21
CVE-2023-28746
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- http://www.openwall.com/lists/oss-security/2024/03/12/13
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
- http://www.openwall.com/lists/oss-security/2024/03/12/13
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
Modified: 2024-11-21
CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0008/
- https://security.netapp.com/advisory/ntap-20240405-0008/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
Modified: 2024-11-21
CVE-2023-39368
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0007/
- https://security.netapp.com/advisory/ntap-20240405-0007/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
Modified: 2024-08-14
CVE-2023-42667
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
Modified: 2024-11-21
CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0009/
- https://security.netapp.com/advisory/ntap-20240405-0009/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
Modified: 2024-11-21
CVE-2023-45733
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
Modified: 2024-11-21
CVE-2023-45745
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
Modified: 2024-11-21
CVE-2023-46103
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
Modified: 2024-11-21
CVE-2023-47855
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
Modified: 2025-03-14
CVE-2023-49141
Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
Modified: 2024-08-14
CVE-2024-24853
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
Modified: 2024-08-14
CVE-2024-24980
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Modified: 2024-08-14
CVE-2024-25939
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.